Twitter targeted by XSS worms
Published: 2009-04-13

A Web worm and three variants spread to hundreds of user accounts on Twitter's microblogging network over the weekend, producing upwards of 10,000 posts, or "tweets," to other users, the company stated on Sunday.

The worms, which started spreading at 2 a.m. on Saturday, used JavaScript to exploit a cross-site scripting (XSS) vulnerability in Twitter, infecting users' profiles with malicious code. The compromised accounts then sent out their own messages to further spread the worm.
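The worm relied on profile fields being stored and rendered without escaping. The following is an added illustration of the defensive side, not code from the article or from Twitter: user-controlled profile values are escaped for the HTML context they land in, the profile link is restricted to http(s) so escaping alone is not relied on for the `href`, and a small sweep flags stored records that already contain markup. The sample profile records are constructed.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_url(url: str) -> bool:
    """Accept only absolute http(s) URLs for a profile link. Escaping a value
    does not stop a javascript: URL from running when the link is clicked,
    so the scheme has to be checked separately."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_profile(name: str, website: str) -> str:
    """Render user-controlled profile fields into HTML. Each value is escaped
    for its context (text node or double-quoted attribute), so stored markup is
    displayed as literal text instead of being parsed as tags or handlers."""
    safe_name = html.escape(name, quote=True)
    link = ""
    if is_safe_url(website):
        safe_site = html.escape(website, quote=True)
        link = f'<a href="{safe_site}" rel="nofollow">{safe_site}</a>'
    return f'<p class="name">{safe_name}</p>{link}'


def audit_profile_field(value: str) -> bool:
    """Flag a stored profile value containing markup or a script URL scheme;
    useful as a quick sweep over existing records after an incident."""
    lowered = value.lower()
    return "<" in lowered or ">" in lowered or "javascript:" in lowered


# Constructed sample records (username, display name, website); not real data.
SAMPLE_PROFILES = [
    ("alice", "Alice", "https://example.com/alice"),
    ("mallory", "Mallory <b>bold</b>", "javascript:void(0)"),
]


def sweep(records):
    """Return usernames whose stored profile fields look like injected markup."""
    return [user for user, name, site in records
            if audit_profile_field(name) or audit_profile_field(site)]


if __name__ == "__main__":
    for user, name, site in SAMPLE_PROFILES:
        print(user, "->", render_profile(name, site))
    print("flagged:", sweep(SAMPLE_PROFILES))
```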

A 17-year-old resident of Brooklyn and owner of Twitter competitor StalkDaily acknowledged creating and releasing the worms, according to several news reports. "I ... basically did it because I was bored," the alleged creator told CNET. "And I didn't think Twitter would fix (the flaw) very soon. But I didn't think it would spread as far or as fast as it did."

Twitter likened the attack, which many referred to as the StalkDaily worms, to the Samy program that propagated amongst MySpace users in 2005 and hinted that the company would pursue legal action against the author.

"At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing," the company stated on its blog. "Twitter takes security very seriously and we will be following up on all fronts."

While the StalkDaily worms did not steal users' credentials, security experts have warned in the past that such Web worms could pose a significant danger as social networks become increasingly popular. Similar to the Samy worm that spread through the MySpace network in 2005, the StalkDaily worm caused infected accounts to follow a particular user's account, in this case "onedegrees." Future Web worms could spread through social networks, infect a victim's computer and then continue spreading, or jump to other social networks, security researchers have warned.

Twitter is currently conducting a postmortem analysis of the incident and plans to release further details.

"We are still reviewing all the details, cleaning up, and we remain on alert," the company said on its blog. "Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future."

Editor's note: While the alleged creator of the StalkDaily worms has talked to the media, it's the policy of SecurityFocus to refrain from identifying minors without their guardian's permission.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus